Author: hawk Date: Thu Jul 14 19:15:20 2011 GMT Module: packages Tag: HEAD ---- Log message: - add authenticated bits information into the dummy generated Received-header for SpamAssassin to facilitate adding a rule to score mail from authenticated clients, taken from Fedora
---- Files affected: packages/spamass-milter: spamass-milter-bits.patch (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: packages/spamass-milter/spamass-milter-bits.patch diff -u /dev/null packages/spamass-milter/spamass-milter-bits.patch:1.1 --- /dev/null Thu Jul 14 21:15:20 2011 +++ packages/spamass-milter/spamass-milter-bits.patch Thu Jul 14 21:15:15 2011 @@ -0,0 +1,289 @@ +Add authenticated bits information into the dummy generated +Received-header for SpamAssassin to facilitate adding a rule +to score mail from authenticated clients. + +Discussion: +http://bugzilla.redhat.com/496769 +http://www.gossamer-threads.com/lists/spamassassin/users/146948 + +This patch also moves some of the macro collection to the +ENVFROM callback, where the required macros are available by default. + +diff -up spamass-milter-0.3.2/README.bits spamass-milter-0.3.2/README +--- spamass-milter-0.3.2/README.bits 2008-04-23 17:11:42.000000000 +0100 ++++ spamass-milter-0.3.2/README 2011-02-15 11:02:47.877271392 +0000 +@@ -55,15 +55,26 @@ configuring sendmail through m4 & the se + adding the lines + + INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/sendmail/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl +-define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl +-define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl +-define(`confMILTER_MACROS_ENVRCPT',`r, v, Z')dnl ++define(`confMILTER_MACROS_ENVRCPT',confMILTER_MACROS_ENVRCPT`, b, r, v, Z')dnl + + should do the trick. Of course you need to modify the path of the + socket if you put another one into the startup script. The timeouts + have been increased somewhat because SpamAssassin may chew on it for a + little while on a slow machine. + ++If you are using multiple milter mail filters on your mail server, you may ++have overridden the default values of some of the confMILTER_MACROS_* ++macros whilst configuring the other filters. You need to ensure that at ++least the following values are present: ++ ++confMILTER_MACROS_CONNECT must include the {j} and {_} macros ++(all included by default) ++ ++confMILTER_MACROS_ENVFROM must include the {i}, {auth_authen} and {auth_ssf} ++macros (all included by default) ++ ++confMILTER_MACROS_ENVRCPT must include the {b}, {r}, {v}, and {Z} macros ++ + Now recreate sendmail.cf, restart sendmail and experiment around a bit + with the setup to make sure it is working. + +diff -up spamass-milter-0.3.2/spamass-milter.cpp.bits spamass-milter-0.3.2/spamass-milter.cpp +--- spamass-milter-0.3.2/spamass-milter.cpp.bits 2011-02-15 10:53:49.349259089 +0000 ++++ spamass-milter-0.3.2/spamass-milter.cpp 2011-02-15 10:53:49.353259721 +0000 +@@ -678,6 +678,7 @@ sfsistat + mlfi_connect(SMFICTX * ctx, char *hostname, _SOCK_ADDR * hostaddr) + { + struct context *sctx; ++ const char *macro_j, *macro__; + int rv; + + debug(D_FUNC, "mlfi_connect: enter"); +@@ -695,8 +696,31 @@ mlfi_connect(SMFICTX * ctx, char *hostna + } + sctx->assassin = NULL; + sctx->helo = NULL; +- +- /* store a pointer to it with setpriv */ ++ sctx->our_fqdn = NULL; ++ sctx->sender_address = NULL; ++ sctx->queueid = NULL; ++ sctx->auth_authen = NULL; ++ sctx->auth_ssf = NULL; ++ ++ /* store our FQDN */ ++ macro_j = smfi_getsymval(ctx, const_cast<char *>("j")); ++ if (!macro_j) ++ { ++ macro_j = "localhost"; ++ warnmacro("j", "CONNECT"); ++ } ++ sctx->our_fqdn = strdup(macro_j); ++ ++ /* store the validated sending site's address */ ++ macro__ = smfi_getsymval(ctx, const_cast<char *>("_")); ++ if (!macro__) ++ { ++ macro__ = "unknown"; ++ warnmacro("_", "CONNECT"); ++ } ++ sctx->sender_address = strdup(macro__); ++ ++ /* store a pointer to our private data with setpriv */ + rv = smfi_setpriv(ctx, sctx); + if (rv != MI_SUCCESS) + { +@@ -745,7 +769,7 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro + { + SpamAssassin* assassin; + struct context *sctx = (struct context *)smfi_getpriv(ctx); +- const char *queueid; ++ const char *queueid, *macro_auth_ssf, *macro_auth_authen; + + if (sctx == NULL) + { +@@ -787,17 +811,44 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro + + // remember the MAIL FROM address + assassin->set_from(string(envfrom[0])); +- ++ ++ // remember the queueid for this message + queueid=smfi_getsymval(ctx, const_cast<char *>("i")); + if (!queueid) + { + queueid="unknown"; + warnmacro("i", "ENVFROM"); + } +- assassin->queueid = queueid; +- ++ sctx->queueid = strdup(queueid); + debug(D_MISC, "queueid=%s", queueid); + ++ // remember the SMTP AUTH login name ++ macro_auth_authen = smfi_getsymval(ctx, const_cast<char *>("{auth_authen}")); ++ if (!macro_auth_authen) ++ { ++ macro_auth_authen = ""; ++ // Don't issue a warning for the auth_authen macro as ++ // it is likely to be unset much of the time - it's ++ // only set if the client has authenticated. ++ // ++ // Similarly, we only issue warnings for the other ++ // auth-related macros if {auth_authen) is available. ++ // ++ // warnmacro("auth_authen", "ENVFROM"); ++ } ++ sctx->auth_authen = strdup(macro_auth_authen); ++ ++ // remember the SASL cipher bits ++ macro_auth_ssf = smfi_getsymval(ctx, const_cast<char *>("{auth_ssf}")); ++ if (!macro_auth_ssf) ++ { ++ macro_auth_ssf = ""; ++ if (strlen(macro_auth_authen)) { ++ warnmacro("auth_ssf", "ENVFROM"); ++ } ++ } ++ sctx->auth_ssf = strdup(macro_auth_ssf); ++ + // tell Milter to continue + debug(D_FUNC, "mlfi_envfrom: exit"); + +@@ -888,7 +939,8 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp + + */ + const char *macro_b, *macro_i, *macro_j, *macro_r, +- *macro_s, *macro_v, *macro_Z, *macro__; ++ *macro_s, *macro_v, *macro_Z, *macro__, ++ *macro_auth_ssf, *macro_auth_authen; + char date[32]; + + /* RFC 822 date. */ +@@ -903,20 +955,13 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp + } + + /* queue ID */ +- macro_i = smfi_getsymval(ctx, const_cast<char *>("i")); +- if (!macro_i) +- { +- macro_i = "unknown"; +- warnmacro("i", "ENVRCPT"); +- } ++ macro_i = sctx->queueid; + +- /* FQDN of this site */ +- macro_j = smfi_getsymval(ctx, const_cast<char *>("j")); +- if (!macro_j) +- { +- macro_j = "localhost"; +- warnmacro("j", "ENVRCPT"); +- } ++ /* FQDN */ ++ macro_j = sctx->our_fqdn; ++ ++ /* Sender address */ ++ macro__ = sctx->sender_address; + + /* Protocol used to receive the message */ + macro_r = smfi_getsymval(ctx, const_cast<char *>("r")); +@@ -925,7 +970,11 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp + macro_r = "SMTP"; + warnmacro("r", "ENVRCPT"); + } +- ++ ++ /* SMTP AUTH details */ ++ macro_auth_authen = sctx->auth_authen; ++ macro_auth_ssf = sctx->auth_ssf; ++ + /* Sendmail currently cannot pass us the {s} macro, but + I do not know why. Leave this in for the day sendmail is + fixed. Until that day, use the value remembered by +@@ -953,22 +1002,25 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp + warnmacro("Z", "ENVRCPT"); + } + +- /* Validated sending site's address */ +- macro__ = smfi_getsymval(ctx, const_cast<char *>("_")); +- if (!macro__) ++ assassin->output((string)"X-Envelope-From: "+assassin->from()+"\r\n"); ++ assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n"); ++ ++ string rec_header; ++ ++ rec_header = (string) "Received: from " + macro_s + " (" + macro__ + ")\r\n\t"; ++ ++ if (strlen(macro_auth_ssf)) + { +- macro__ = "unknown"; +- warnmacro("_", "ENVRCPT"); ++ rec_header += (string) "(authenticated bits=" + macro_auth_ssf + ")\r\n\t"; + } + +- assassin->output((string)"X-Envelope-From: "+assassin->from()+"\r\n"); +- assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n"); ++ rec_header += (string) "by " + macro_j + " (" + macro_v + "/" + macro_Z + ") with " + ++ macro_r + " id " + macro_i + ";\r\n\t" + ++ macro_b + "\r\n\t" + ++ "(envelope-from " + assassin->from() + ")\r\n"; + +- assassin->output((string) +- "Received: from "+macro_s+" ("+macro__+")\r\n\t"+ +- "by "+macro_j+" ("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+";\r\n\t"+ +- macro_b+"\r\n\t"+ +- "(envelope-from "+assassin->from()+")\r\n"); ++ debug(D_SPAMC, "Received header for spamc: %s", rec_header.c_str()); ++ assassin->output(rec_header); + + } else + assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n"); +@@ -1214,16 +1266,27 @@ mlfi_close(SMFICTX* ctx) + { + struct context *sctx; + debug(D_FUNC, "mlfi_close"); +- ++ + sctx = (struct context*)smfi_getpriv(ctx); + if (sctx == NULL) + return SMFIS_ACCEPT; + + if (sctx->helo) + free(sctx->helo); ++ if (sctx->our_fqdn) ++ free(sctx->our_fqdn); ++ if (sctx->sender_address) ++ free(sctx->sender_address); ++ if (sctx->queueid) ++ free(sctx->queueid); ++ if (sctx->auth_authen) ++ free(sctx->auth_authen); ++ if (sctx->auth_ssf) ++ free(sctx->auth_ssf); ++ + free(sctx); + smfi_setpriv(ctx, NULL); +- ++ + return SMFIS_ACCEPT; + } + +diff -up spamass-milter-0.3.2/spamass-milter.h.bits spamass-milter-0.3.2/spamass-milter.h +--- spamass-milter-0.3.2/spamass-milter.h.bits 2011-02-15 10:53:49.342257983 +0000 ++++ spamass-milter-0.3.2/spamass-milter.h 2011-02-15 10:53:49.354259879 +0000 +@@ -154,9 +154,6 @@ public: + // List of recipients after alias/virtusertable expansion + list <string> expandedrcpt; + +- // the sendmail queue id for this message; used for logging +- string queueid; +- + // Process handling variables + pid_t pid; + int pipe_io[2][2]; +@@ -167,6 +164,11 @@ struct context + { + struct in_addr connect_ip; // remote IP address + char *helo; ++ char *our_fqdn; ++ char *sender_address; ++ char *queueid; ++ char *auth_authen; ++ char *auth_ssf; + SpamAssassin *assassin; // pointer to the SA object if we're processing a message + }; + ================================================================ _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
